Cybersecurity Dive reports that artificial intelligence is no longer experimental technology: more than 70% of S&P 500 companies now identify AI as a material risk in their public disclosures, according to a recent report from The Conference Board. In 2023, that percentage was 12%.

The article reports that major companies are no longer just testing AI in isolated pilots; they’re embedding it across core business systems including product design, logistics, credit modeling, and customer-facing interfaces. At the same time, these companies acknowledge in their public disclosures that they face significant security and privacy challenges, among others.

  • Reputational Risk: Leading the way is reputational risk, with more than a third of companies worried about potential brand damage. This concern centers on scenarios like service breakdowns, mishandling of consumer privacy, or customer-facing AI tools that fail to meet expectations.
  • Cybersecurity Risk: One in five S&P 500 companies explicitly cite cybersecurity concerns related to AI deployment. According to Cybersecurity Dive, AI technology expands the attack surface, creating new vulnerabilities that malicious actors can exploit. Compounding these risks, companies face dual exposure—both from their own AI implementations and from third-party AI applications.
  • Regulatory Risk: Companies are also navigating a rapidly shifting legal landscape as state and federal governments scramble to establish guardrails while supporting continued innovation.

One of the biggest drivers of these risks, perhaps, is a lack of governance. PwC’s 2025 Annual Corporate Director’s Survey reveals that only 35% of corporate boards have formally integrated AI into their oversight responsibilities—a clear indication that governance structures are struggling to keep pace with technological deployment.

Not surprisingly, innovation seems to be moving quite a bit faster than governance. That gap is contributing to various risks identified by most of the S&P 500. Extrapolating that reality, there is a good chance that small and mid-sized companies are in a similar position. Enhancing governance, such as through sensible risk assessment, robust security frameworks, training, etc., may help to narrow that gap.

Joseph J. Lazzarotti

Joseph J. Lazzarotti is a principal in the Tampa, Florida, office of Jackson Lewis P.C. He founded and currently co-leads the firm’s Privacy, Data and Cybersecurity practice group, edits the firm’s Privacy Blog, and is a Certified Information Privacy Professional (CIPP) with the International Association of Privacy Professionals. Trained as an employee benefits lawyer, focused on compliance, Joe also is a member of the firm’s Employee Benefits practice group.

In short, his practice focuses on the matrix of laws governing the privacy, security, and management of data, as well as the impact and regulation of social media. He also counsels companies on compliance, fiduciary, taxation, and administrative matters with respect to employee benefit plans.

Brian L. McDermott

Brian L. McDermott is the office managing principal of the Indianapolis, Indiana, office of Jackson Lewis P.C. His practice focuses on workplace training and representation of employers in labor and employment litigation.

Brian has dedicated his legal career of more than 25 years to representing private and public employers in individual, class, and collective employment actions, including cases involving: the FMLA, the ADA, Title VII, the ADEA, ERISA, the FLSA, the NLRA, covenant not to compete matters, trade secret matters, state wage laws, and wrongful discharge matters. He has represented employers in federal and state courts, labor arbitrations, and administrative agencies (including the EEOC and NLRB) throughout the country. He also has represented employers before the United States Court of Appeals for the Sixth and Seventh Circuits on multiple occasions.

Brian devotes a substantial portion of his practice to litigation avoidance and counseling. To this end, he works with employers to provide valuable employment training, including sexual harassment, hiring, employee terminations, union avoidance, diversity, and FMLA training. He assists employers in developing employee handbooks, personnel policies, employment contracts, non-compete agreements, severance agreements, and other employment-related documents.

Kelly E. Eisenlohr-Moul

Kelly Elisabeth Eisenlohr-Moul is a principal in the Chicago, Illinois, office of Jackson Lewis P.C. Kelly understands that when retaining an employment firm clients should expect an investment in a relationship by their attorney, leading her to prioritize learning about clients’ businesses and building the institutional knowledge and internal relationships that lead to better litigation results.